cnki-advanced-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Python Playwright workflow (SKILL.md and scripts/cnki_search.py) autonomously navigates to and scrapes the public CNKI site (https://www.cnki.net / https://kns.cnki.net), reads export page text via export_page.inner_text('body') and DOM queries, and uses that untrusted public content (counts, exported citations, abstracts) to drive decisions like layer downgrades, exports, and merges—thus exposing the agent to potential indirect prompt injection from third-party pages.